[OSLC-CM] How many tools support (or plan to) OAuth?
Steve K Speicher
sspeiche at us.ibm.com
Wed Nov 25 08:58:48 EST 2009
Olivier Berger <olivier.berger at it-sudparis.eu> wrote on 11/25/2009 07:09:13 AM:
> On Friday 20 November 2009 at 12:14 -0500, Steve K Speicher wrote:
> >
> > For ALM tool interoperability, a good authentication story is needed.
> > In CM 1.0, we sort of "punted" on the issue and made some general
> > statements about what SHOULD be supported: HTTP Basic auth, OAuth and
> > SSL. We never made it a MUST hard mandatory requirement.
> >
> > I'd like to get some more information about where participants are with
> > respect to OAuth. If you don't know much about OAuth, there are some
> > good introductory resources at http://oauth.net
> >
> > So the kind of feedback I'm looking for is:
> > * What solutions are used today for cross-system
> > authentication?
> > * What are the current issues with today's solutions?
> > * Do any of your tools support OAuth today? If not, any plans?
> > If no plans, reasons for not adopting?
> >
> > Feel free to respond or we can talk on Wednesday.
> >
> >
>
> I believed that OAuth was only about permissions, i.e. authorizations,
> and not about authentication... but I may be wrong... care to clarify,
> anyone ?
Since the terms "authorization" and "authentication" are overloaded, I
think it would be best instead of me trying to describe OAuth here that I
defer to the http://oauth.net site for resources that describe it.
I did not intend to state a subset of OAuth or misrepresent it by saying
"cross-system authentication" as it is not a single sign-on solution. It
provides a way to authenticate users, then leverage that to authorize
cross-server access.
>
> Then if OAuth was only concerned with authorizations, what would be
> taking care of Auth : only Http(S) login + password ?
>
> Correct me if I'm wrong ;)
>
> In any case, in the specs, authn and authz should be distinctly
> addressed, I suppose.
>
> Sorry not to provide any more concrete feedback WRT tools : we're
> learning and intend to implement whatever will be in the specs in a demo
> server to be developed, so no tool implementation available yet really
> (also, haven't fully checked if there might be Mantis plugins/configs to
> support various existing Auth protocols already, as we're aiming at
> Mantis in a second time).
>